Cybersecurity in the financial system is undergoing a rapid transformation. Local regulatory resilience, the emergence of new technologies and unprecedented progress in digital fraud have placed banks and companies in the sector in a scenario where threats are evolving faster than traditional response capacity.
This was the focus of the meeting Historian Together with Lumu Technologies, which brought together CISOs and security managers from banks and companies in the financial ecosystem. Throughout the conversation, critical points that will characterize the industry’s work in the coming years were identified.
Digital fraud: a threat that replaces traditional attacks
Classic cyberattacks – such as ransomware or denial of service – still exist, but the main concern today is different: Information leakage Digital economic fraud. Beyond the simple scams that have spread during the pandemic, the current scenario increasingly involves organized gangs using more sophisticated tools.
One of the most frequently mentioned cases was Mikotio and GrandorieroTypes of malware that are installed on a user’s computer and allow the attacker to act as if they were the client themselves: use their credentials, devices, location, and even multiple factors without the person noticing.
“We had already known cyberattacks like denial of service and ransomware, but if we were to focus on last year and this year, what affected us the most in the banking industry was banking fraud. There was a type of fraud done through malware called Mycotio that affected Latin America above all and within Latin America Argentina above all.”said Pablo Paul, Chief Information Security Officer at Banco CMF.
With this level of imitation, intrusion detection becomes extremely difficult. The problem does not lie in the bank’s infrastructure, but in an area where the entity does not have much control: Client team.
“It is very special because it comes from the customer side. Applying countermeasures and stopping them is more complicated because it will also depend on the security that the customer has.”Eddie Perez, Security Engineering Leader at Banco Hipotecario.
This new wave of fraud has redefined strategic planning for security zones. According to CISOs, today the priority is Predict abnormal behavior At the user and network level rather than identifying high-impact external attacks.
Ransomware and phishing: reputational risks
Today’s ransomware faces a more prepared ecosystem. However, this does not mean less risk. Attackers have modified their model: if they can no longer blackmail to restore the system, they do so for stolen information. It became a threat Publishing sensitive datawhich can lead to severe reputational damage and, in some cases, legal action by affected customers.
Specialists agree that phishing remains the most common entry point. The complexity of campaigns, combined with increasingly active users on digital channels, creates an ecosystem that is difficult to control. However, in recent years, cybercriminals have also focused on exploiting blind spots in the supply chain – particularly in technology providers – that organizations use to expand their suite of digital solutions.
“Cybersecurity or protection in digital channels should come together with school subjects like music or ethics; you have to explain it. New generations should know how to protect themselves.”Eduardo Sofía, Head of Information Security at Gear.
The central problem is structural: Cybersecurity education is practically non-existentEven at the school level. Many users operate banking platforms quite normally, but without minimal knowledge of digital security. This gap enables everything from simple deception to complex social engineering maneuvers.
Banks have invested in awareness campaigns, progressive controls, and behavioral verification, but the consensus is clear: without broader digital literacy, risks will continue to shift beyond the corporate perimeter.
User pressure: speed, frictionlessness and maximum safety
The growth of mobile banking has modified the relationship between users and financial entities. Today, expectations combine contradictory demands, such as: Speed and constant availability No failures, high security standards, even when the user is not willing to complete it Frictionless, with minimal steps and invisible checks.
In other words, applications are expected to be “all-in-one”: flexible, intuitive and armored. The goal is to detect anomalies without affecting the user experience.
“The customer wants to use a platform that is robust, always available, secure, two clicks, frictionless. They don’t want the extra step of asking for an image… they want it to be secure. So the challenge is to implement controls that are transparent to the user.”Paul pointed out.
Investments and talent: an ecosystem searching for balance
Recent years have demonstrated a cultural change: cybersecurity is no longer just a cost, but a strategic board issue. Global incidents, attacks on local businesses, and media exposure have helped cement this reality.
“The product or company owner must work alongside cybersecurity leaders in modeling and analyzing risks and threats and understanding the threats that could be addressed.”the CISO at Gire confirmed.
However, there is a problem that runs through the entire industry: Lack of specialized cybersecurity talent. Demand exceeds supply, and teams often include young professionals with significant technological proficiency but less security experience, requiring additional effort in resources and time to develop the necessary skills.
Experts agree and warn that today it is impossible to rely on a “guru” who manually monitors all events. The scale, speed and sophistication of attacks forces us to automate processes and use platforms capable of continuous behavior analysis that are easy to operate on a daily basis. This combination – trained people plus modern AI-powered technologies that are easy to integrate into the process and that deliver value quickly – is the only way to maintain an agile operation.
The emergence of artificial intelligence agents and the urgent regulatory need
The adoption of AI in operational areas has progressed much faster than expected. Projects planned for 2026 are already underway, driven by business areas seeking to improve times and processes.
“I have planned to implement AI security for 2026 and have already done so in negotiations. The pace of implementation accelerated in the last quarter of the year, and has increased significantly.”stated the CEO of Banco Hipotecario.
But this exponential growth opens up new risks such as agents being able to trigger transactions without technical supervision, integration with systems without sufficient prior controls, and the use of unauthorized models in sensitive domains, among others.
“I have had to put in place strict procedures and standards to regulate and monitor the way AI is implemented, ensure its safe and responsible use, and even go so far as to limit the use of some AI functions, models and agents when they pose a risk to the business,” Eddie Perez said.
Experts expect that the next big battle will be Distinguish between legitimate clients and malicious clients That mimic the behavior of users or employees. This line will become increasingly blurred.
Faced with this new scenario, some banks have already begun to establish internal rules to determine which models can be used, in which environments, and under which audits.
Many companies have adopted standards such as PCI DSS, SOC 1, SOC 2, ISO 27001and formalize compliance policies to demonstrate maturity and reduce risks associated with technological interdependence.
Regulations and data management: another outstanding front
Despite the progress made in internal practices, many experts have highlighted this Argentine data protection legislation is outdated It does not keep pace with the speed of the digital market.
Current regulations are more than a decade old They do not take into account current scenarios such as artificial intelligence, autonomous agents, advanced biometrics, or supply chain commitments. There are initiatives seeking to update the law according to European standards (such as the General Data Protection Regulation), but they have not yet been implemented.
“We all agree that regulation allows for some good practices, but regulation does not equal security. Compliance allows you to create claims processes, but it does not protect you from the first risk; it does not prevent you from being robbed.”, Christian TorresMarketing Director for Latin America at Lumu Technologies.
This gap affects banks’ ability to manage risks, assign responsibilities, and coordinate policies across multiple areas, from technology to fraud and data management.
“One of the challenges for CISOs is to be at the forefront of development, because too often security came last and was seen as an obstacle. It’s important for CISOs to have more weight within the board and be seen as a peer, so that they say, ‘We’re going to develop this and I want you to be involved in the security of this product from the beginning.’”Pedro Perez, Sales Leader for the Southern Cone of Lumu Technologies.
In an environment where threats are constantly changing – driven by criminal innovation, technology and market pressures – banks are betting on anticipation, flexibility and collaboration.
The future of the sector will depend on this balance: a model in which each layer – users, companies, suppliers and the state – takes an active role in maintaining digital trust.
“There is a very large community, at least in Argentina, of CISOS, where we collaborate and interact, and when it happens to someone, there is a lot of collaboration… Security is not a product, it is a process and we do it together. We are all responsible for it”Sophia concluded with specialists.